package pers.archives.loginToken.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import pers.archives.common.constant.SecurityConstant;
import pers.archives.loginToken.authentication.ArchivesAuthenticationFailureHandler;
import pers.archives.loginToken.authentication.ArchivesAuthenticationSuccessHandler;

/*
 *@program:archives-parent
 *@author: 赵浩浩
 *@Time: 2020/9/12  15:48
 */
@Configuration
@EnableResourceServer
public class ArchivesResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private AuthorizeConfigManager authorizeConfigManager;

    @Autowired
    private LoginAuthenticationConfig loginAuthenticationConfig;


    @Override
    public void configure(HttpSecurity http) throws Exception {
        loginAuthenticationConfig.configure(http);
        http.csrf().disable()
                // 基于token，所以不需要session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        authorizeConfigManager.config(http.authorizeRequests());
    }
}
